From: Remi Gacogne Date: Wed, 27 Sep 2023 23:54:01 +0000 (+0200) Subject: dnsdist: Get the final size of an encrypted DoQ token in a cleaner way X-Git-Tag: rec-5.0.0-alpha2~6^2~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c0e87fe49e608de3e10c4c037a03227327579fb5;p=thirdparty%2Fpdns.git dnsdist: Get the final size of an encrypted DoQ token in a cleaner way --- diff --git a/pdns/dnsdistdist/doq.cc b/pdns/dnsdistdist/doq.cc index 2cf7b724e3..10f7ea89e1 100644 --- a/pdns/dnsdistdist/doq.cc +++ b/pdns/dnsdistdist/doq.cc @@ -138,9 +138,7 @@ public: unit->ids = std::move(response.d_idstate); DNSResponse dnsResponse(unit->ids, unit->response, unit->downstream); - dnsheader cleartextDH - { - }; + dnsheader cleartextDH{}; memcpy(&cleartextDH, dnsResponse.getHeader(), sizeof(cleartextDH)); if (!response.isAsync()) { @@ -392,7 +390,7 @@ static std::optional getCID() return buffer; } -static constexpr size_t MAX_TOKEN_LEN = std::tuple_size{} /* nonce */ + /* MAC */ crypto_secretbox_MACBYTES + sizeof(uint64_t) /* TTD */ + 16 /* IPv6 */ + QUICHE_MAX_CONN_ID_LEN; +static constexpr size_t MAX_TOKEN_LEN = dnsdist::crypto::authenticated::getEncryptedSize(std::tuple_size{} /* nonce */ + sizeof(uint64_t) /* TTD */ + 16 /* IPv6 */ + QUICHE_MAX_CONN_ID_LEN); static PacketBuffer mintToken(const PacketBuffer& dcid, const ComboAddress& peer) { @@ -836,7 +834,7 @@ void doqThread(ClientState* clientState) dcid.data(), &dcid_len, token.data(), &token_len); if (res != 0) { - DEBUGLOG("Error in quiche_header_info: "<
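Review bot: In the new `MAX_TOKEN_LEN` initializer the nonce length is passed inside the argument of `dnsdist::crypto::authenticated::getEncryptedSize()`, next to the TTD, address and connection-ID bytes, so the expression reads as if the nonce were part of the plaintext being sealed. The bound stays correct only while getEncryptedSize() is purely additive (plaintext size plus a fixed MAC overhead); neither its definition nor mintToken's body is inside this hunk, so whether the nonce is prepended in clear cannot be confirmed from here. If it is, keeping the nonce term outside the call states the layout exactly: `<nonce size> /* nonce, sent in clear */ + getEncryptedSize(sizeof(uint64_t) /* TTD */ + 16 /* IPv6 */ + QUICHE_MAX_CONN_ID_LEN)`, with the nonce size spelled as in the file. Because this constant appears to size the buffer that receives a client-supplied token (the `token.data(), &token_len` call in the last hunk), a comment above it such as `// upper bound for a token: nonce || encrypted(TTD || peer address || DCID)` would help, once that layout has been checked against mintToken.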